pfBlockerNG sync not working
-
@IT_Luke Glad you revived this thread, I am seeing the same thing as well, noticed it last week when I was doing some big changes and nothing synced over.
Force reload always fixes it though. Still annoying to have to go in and do it.
-
@planedrop You can always (re)apply the one liner fix to the pfblockerng.php file under /usr/local/www/pfblockerng/ on the Master node. Haven't had any issues since.
-
@SteveITS @Bob-Dig The latest 3.2.0_18 update still doesn't have the cron update slave sync fix. To apply this again you just have to add the same oneliner to line 590 in the same pfblocker.php file (under /usr/local/www/pfblockerng/):
// Function to update Lists/Feeds as per Cron function pfblockerng_sync_cron() { global $config, $pfb, $pfbarr; **pfblockerng_sync_on_changes(); // Sync config to HA slave @cron time to ensure config alignment** $hour = date('G'); $dow = date('N'); -
@planedrop @SteveITS @Bob-Dig The latest 3.2.0_19 update has fixed the missing XML_RPC sync issue with the slave - it syncs whether you manually run Update or Cron (and of course a full reload) so the workaround is no longer necessary.
-
@IT_Luke OK this is great news, thanks for sharing!
-
And it seems that certain special characters in the password don't work either.
I have a special user for HA Sync. And when syncing, I always got “User or Password not correct” (or something like that) on the console and the sync failed. To rule out that it is the user, I tested it with the “admin” user. This user also has special characters in the password and the result was the same.
I then generated a new password for the HA user, using only letters (upper and lower case) and numbers. The sync now works without any problems.
-
@Beerman That's curious: have you tried resetting the password using your special characters again to see if that still fails? Maybe it's one particular character which breaks it (if I recall correctly there was an issue sometime back which is why I didn't use any).
-
...and 3.2.0_20 released yesterday to fix GEOIP / ASN entry issues.
-
@IT_Luke This may be really dumb, but do we have any timeline ideas for the non-Devel edition?
I moved all my installs back to non-Devel a while back, I can't recall the exact article/post why but my understanding was the main branch was basically becoming the Devel branch. Clearly I misunderstood that but I'm probably not going to back to Devel on any production installs anyway.
-
@planedrop You didn't misunderstand, that's exactly what was said some months ago: the intention of merging and maintaining solely the non devel version and the suggestion to switch over. I stuck with the devel version on all my installs as as a tester myself with my team we always have a devel branch and a production branch, especially when you roll out changes that are hard to debug in the immediate. I suspect that the devel branch will remain, but hey don't take my word for it, it's just a gut feeling. They may very well drop it in the future and keep a "closed" branch meaning that they will only do this internally or with official beta testers, but then they won't get a large feedback test pool like they have now if you see what I mean (that's the beauty of Open Source and having an active community with developers). Maybe something has changed but personally I'm sticking with the devel branch until further notice. I understand also that things are changing for pfSense itself (as you see the releases are going to be available only with the installer and the ISOs will be removed from download from the still accessible repository) so all this must blend in somehow even if apparently pfB is a seperate service (but we all know that it's become one of the most valueable add-ons for the product). I'm sure the updates will be eventually rolled out on the non devel branch - however I don't know anything about the timeline or intentions and why these initial hints regarding the devel version (BBCan can only shed light on that), I'm just speculating based on my intuitions!
-
@IT_Luke OK glad I am not crazy, couldn't really find that much info on it Googling for some reason (though Google has become terrible recently so I'm not totally surprised) but knew I had seen it somewhere.
I will probably move back to Devel on my main testing installation so I can check out some of the new stuff until further notice.
